Cyber Criminals Now Target SMB Bank Accounts

As per the "Web Hacking Incident Database" report by Trustwave's SpiderLabs, cybercriminals have increased attacks on small and medium businesses (SMBs) bank accounts using customized Trojans.

The company studied 158 incidents came into the public notice during the H1-2010 to evaluate the business impact of Web application security attacks.

According to the report, the most noticeable trend for the first half of year 2010 was the sudden rise in targeted attacks against the financial vertical market. This is mainly due to the fact that cyber crooks are attacking SMB's online banking accounts.

The report also revealed an augment in the employ of client-side banking Trojans. Among these Trojans, the most famous is the notorious Zeus malware. These Trojans observe and hack customers' accounts details and can modify transfer request data.

Moreover, the main motive of cybercriminals is stealing information followed by damaging websites or injecting malware. The report stated that hackers would frequently penetrate into a website to gather information or to spoil it. They also inject malware that will further hack other systems, helping them accomplish their goal in other locations.

The report also evaluates drivers for Web hacking incidents, citing numerous results of the successful attacks in the WHID (Web Hacking Incident Database), all of which can result in serious consequences. The main driver is the leakage of information, while the second top driver is defacements of websites. This is mainly destructive as most businesses today depend on their website to be the mirror of their organization, security expert commented.

The third most prevalent outcome was financial loss driven by profit-seeking cybercriminals.

The report reveals that organizations cannot appropriately reply to Web hacking incidents because of lack of sufficient logging and security information and event management facilities. If appropriate monitoring mechanisms are not available, attacks and successful compromises could not be discovered for long period.

Meanwhile, SMB's bank accounts are not the only exclusive target of cyber-crooks. The report also stated that majority of cases were political in nature, attacking political parties, government departments and candidates, often with a very definite message linked to a campaign, whereas others appear to have a cultural aspect.